
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Moderate Zsh Update for Red Hat Enterprise Linux 8 (RHSA-2022:2120-01)

Red Hat Security Advisory

Synopsis:          Moderate: zsh security update
Advisory ID:       RHSA-2022:2120-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:2120
Issue date:        2022-05-10
CVE Names:         CVE-2021-45444

1. Summary:

An update for zsh is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - noarch
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

* zsh: Prompt expansion vulnerability (CVE-2021-45444)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2054089 - CVE-2021-45444 zsh: Prompt expansion vulnerability

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

noarch:
zsh-html-5.5.1-9.el8.noarch.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
zsh-5.5.1-9.el8.src.rpm

aarch64:
zsh-5.5.1-9.el8.aarch64.rpm
zsh-debuginfo-5.5.1-9.el8.aarch64.rpm
zsh-debugsource-5.5.1-9.el8.aarch64.rpm

ppc64le:
zsh-5.5.1-9.el8.ppc64le.rpm
zsh-debuginfo-5.5.1-9.el8.ppc64le.rpm
zsh-debugsource-5.5.1-9.el8.ppc64le.rpm

s390x:
zsh-5.5.1-9.el8.s390x.rpm
zsh-debuginfo-5.5.1-9.el8.s390x.rpm
zsh-debugsource-5.5.1-9.el8.s390x.rpm

x86_64:
zsh-5.5.1-9.el8.x86_64.rpm
zsh-debuginfo-5.5.1-9.el8.x86_64.rpm
zsh-debugsource-5.5.1-9.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-45444
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.6_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

LinuxSecurity.com Team

May 10, 2022 | Red Hat

Scientific Linux 7: SLSA-2018:3073-1 Moderate: zsh Buffer Overflows

Synopsis:          Moderate: zsh security and bug fix update
Advisory ID:       SLSA-2018:3073-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2014-10072
                   CVE-2017-18206
                   CVE-2018-1083
                   CVE-2018-1100
                   CVE-2014-10071
                   CVE-2018-7549
                   CVE-2017-18205
                   CVE-2018-1071
--

Security Fix(es):

* zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083)
* zsh: buffer overflow for very long fds in >& fd syntax (CVE-2014-10071)
* zsh: buffer overflow when scanning very long directory paths for symbolic links (CVE-2014-10072)
* zsh: NULL dereference in cd in sh compatibility mode under given circumstances (CVE-2017-18205)
* zsh: buffer overrun in symlinks (CVE-2017-18206)
* zsh: Stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071)
* zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution (CVE-2018-1100)
* zsh: crash on copying empty hash table (CVE-2018-7549)
--

SL7
  x86_64
    zsh-5.0.2-31.el7.x86_64.rpm
    zsh-debuginfo-5.0.2-31.el7.x86_64.rpm
    zsh-html-5.0.2-31.el7.x86_64.rpm

- Scientific Linux Development Team

LinuxSecurity.com Team

Nov 26, 2018 | Scientific Linux

Arch Linux: 201809-3 Low Severity: Zsh Insufficient Validation Risk

Arch Linux Security Advisory ASA-201809-3
=========================================

Severity: Low
Date    : 2018-09-24
CVE-ID  : CVE-2018-0502 CVE-2018-13259
Package : zsh
Type    : insufficient validation
Remote  : No
Link    : https://security.archlinux.org/AVG-764

Summary
=======

The package zsh before version 5.6-1 is vulnerable to insufficient validation.

Resolution
==========

Upgrade to 5.6-1.

# pacman -Syu "zsh>=5.6-1"

The problems have been fixed upstream in version 5.6.

Workaround
==========

None.

Description
===========

- CVE-2018-0502 (insufficient validation)

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.

- CVE-2018-13259 (insufficient validation)

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.

Impact
======

A local attacker is able to execute arbitrary commands via a specially crafted shell script.

References
==========

https://www.zsh.org/mla/zsh-announce/136
https://security.archlinux.org/CVE-2018-0502
https://security.archlinux.org/CVE-2018-13259

LinuxSecurity.com Team

Sep 25, 2018 | Low | ArchLinux

openSUSE Leap 15.0: 2018:2741-1 Important: zsh Execve Risks

openSUSE Security Update: Security update for zsh
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:2741-1
Rating:             important
References:         #1107294 #1107296
Cross-References:   CVE-2018-0502 CVE-2018-13259
Affected Products:  openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for zsh to version 5.6 fixes the following security issues:

- CVE-2018-0502: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line (bsc#1107296).
- CVE-2018-13259: Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one (bsc#1107294).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

  zypper in -t patch openSUSE-2018-1018=1

Package List:

- openSUSE Leap 15.0 (x86_64):

  zsh-5.6-lp150.2.6.1
  zsh-debuginfo-5.6-lp150.2.6.1
  zsh-debugsource-5.6-lp150.2.6.1
  zsh-htmldoc-5.6-lp150.2.6.1

References:

https://www.suse.com/security/cve/CVE-2018-0502.html
https://www.suse.com/security/cve/CVE-2018-13259.html
https://bugzilla.suse.com/1107294
https://bugzilla.suse.com/1107296

LinuxSecurity.com Team

Sep 17, 2018 | Important | OpenSUSE

openSUSE Leap 42.3 Security Advisory 2018:1093-1 Important Zsh Update

openSUSE Security Update: Security update for zsh
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:1093-1
Rating:             important
References:         #1082885 #1082975 #1082977 #1082991 #1082998
                    #1083002 #1083250 #1084656 #1087026 #896914
Cross-References:   CVE-2014-10070 CVE-2014-10071 CVE-2014-10072
                    CVE-2016-10714 CVE-2017-18205 CVE-2017-18206
                    CVE-2018-1071 CVE-2018-1083 CVE-2018-7549
Affected Products:  openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 9 vulnerabilities and has one errata is now available.

Description:

This update for zsh fixes the following issues:

- CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885)
- CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977)
- CVE-2014-10072: buffer overflow in utils.c when scanning very long directory paths for symbolic links. (bnc#1082975)
- CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250)
- CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998)
- CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656)
- CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026)
- CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991)
- CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002)
- Autocomplete and REPORTTIME broken (bsc#896914)

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2018-399=1

Package List:

- openSUSE Leap 42.3 (x86_64):

  zsh-5.0.5-9.3.1
  zsh-debuginfo-5.0.5-9.3.1
  zsh-debugsource-5.0.5-9.3.1
  zsh-htmldoc-5.0.5-9.3.1

References:

https://www.suse.com/security/cve/CVE-2014-10070.html
https://www.suse.com/security/cve/CVE-2014-10071.html
https://www.suse.com/security/cve/CVE-2014-10072.html
https://www.suse.com/security/cve/CVE-2016-10714.html
https://www.suse.com/security/cve/CVE-2017-18205.html
https://www.suse.com/security/cve/CVE-2017-18206.html
https://www.suse.com/security/cve/CVE-2018-1071.html
https://www.suse.com/security/cve/CVE-2018-1083.html
https://www.suse.com/security/cve/CVE-2018-7549.html
https://bugzilla.suse.com/1082885
https://bugzilla.suse.com/1082975
https://bugzilla.suse.com/1082977
https://bugzilla.suse.com/1082991
https://bugzilla.suse.com/1082998
https://bugzilla.suse.com/1083002
https://bugzilla.suse.com/1083250
https://bugzilla.suse.com/1084656
https://bugzilla.suse.com/1087026
https://bugzilla.suse.com/896914

LinuxSecurity.com Team

Apr 27, 2018 | Important | OpenSUSE